HIPAA Enforcement Director Names Top HIPAA Threats

Has HIPAA enforcement changed since the Trump Administration took office?

HIPAA falls under the jurisdiction of the Department of Health and Human Services (HHS) and is enforced by the Office for Civil Rights (OCR). When a HIPAA violation gets investigated, OCR auditors are in charge of determining the compliance of the organization’s HIPAA program with the mandatory federal regulations.

Current OCR Director Roger Severino spoke at length at a conference on HIPAA Privacy and Security about upcoming trends in HIPAA enforcement.

“I haven’t zoomed in on a particular area, whether it will be cybersecurity, ransomware, physical security, etc.,” Severino began. “It wouldn’t be the best tactic to say what we’re looking for, but I think coming into this job, I’ve gotten up to speed on HIPAA, and as the threats evolve, we have to evolve in how we approach it – and we have to be smart about who we target.”

It’s clear that OCR will continue to adapt its HIPAA enforcement efforts to new and emergent trends in the market. Ransomware has been a big topic in 2017, with major attacks affecting over 150 countries around the world in June and July alone.

“At most I will say the big, juicy case is going to be my priority and the methods for us finding it – stay tuned,” Severino said.

HIPAA Enforcement Against Small Practices

In the past few years, HIPAA enforcement has been affecting more and more small health care organizations and practices. Historically, large hospital systems and health care players have been the targets of HIPAA fines. Trends have been slowly moving away from this pattern though, as evidenced by the scope of practices listed on the OCR Wall of Shame. Smaller practices are being investigated for HIPAA violations every day.

Director Severino went on to say: “Just because you are small doesn’t mean we’re not looking and that you are safe if you are violating the law. You won’t be.”

This is a clear message to health care practices of all kinds that HIPAA compliance programs are more essential now than ever before.

HIPAA Resources

Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.

Compliancy Group’s team of expert Compliance Coaches® field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including fully automated documentation of policies, procedures, employee training, and remediation plans.

With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.